[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Reasonable to use crypto in all communications? (Re: Fwd: Minutes/ Notes)



Pekka Nikander;

> >>The id/loc mapping itself needs some kind of protection,
> > 
> > For most mapping, cookie is the protection.
> > For mobility mapping, the protection should use shared secret.
> 
> Depending on the definition of cookie, I may agree.
> Depending on how you get the shared secret, I may agree.
> 
> Hence, please be more specific.  And please explain in
> detail how you *bootstrap* the system.

It is of course that cookie is exchanged with three way handshake
and the shared secret is shared OOB.

Note that the shared secret is necessary only between HA and
MH (rest is done by cookie) that the secret is shared when
MH owner asks HA service to the administrator of the HA and
configured to MH when a HA address is configured.

> Assuming a global PKI is not a solution.

I know very well why PKI is not useful.

						Masataka Ohta